Doesn’t this contradict what’s in the “Encryption at Rest in Dgraph and Badger” blog post? I had filed issue # #5336 quoting this:
If you have an existing Badger datastore that is not encrypted, enabling encryption on it will not immediately encrypt your existing data all at once. Instead, only new files are encrypted, which will happen as new data is added. As older data gets compacted and newer files generated, those would also get encrypted over time. Badger can run in this hybrid mode easily, as each SSTable and value log file stores the information about the data key used for encryption.
I’m OK with only allowing encryption for new Dgraph Alphas, but we should should be clear that what’s written on the blog doesn’t work and update the post / docs accordingly.
Does this affect Badger too? Can Badger start encrypting an existing unencrypted db?